Excluding VPN software folders from being blocked by SONAR / flagged as security risks

Under exceptions on SEPM, if I add folders (and their subfolders) to the exclusions list, exempting them from scans, would that prevent SONAR from blocking DNS/hostname changes initiated by executables within those folders?

I need to allow our VPN clients to initiate DNS changes/changes to the host file so that they continue to function properly, but in spite of adding their folder paths to the exclusions list and applying the exception to the respective OU (SEPM synced with AD), I still see that SONAR continues to block certain legit executables within the excluded folders from performing DNS/hostname changes.

I do not want to add a DNS or hostname change exception for specific executables because the SHA-256 values differ from language to language and version to version. I prefer excluding the folders themselves.

Please bear in mind that for all other folders and files I want SONAR to behave the way it currently does, so changing the System Change Events (SONAR) under the Virus and Spyware Protection Policies to log only/ignore is not an option.

Yes, I understand that too... As mentioned in my original post, if I have legit DNS changes being initiated by more than 1 executable within those folders and I have multiple versions of the VPN software running, then that would result in creating multiple SHA-256 exceptions.

I am having the same problem and am looking for a way to do this also, because we run several VPN client versions. Looking for a way to allow all of our current VPN client versions to do host/DNS changes, and also guard us against having future versions blocked as well. So far, putting in a folder exception for the VPN client folder does not work. It excludes it from SONAR scans, but does not exclude it from host/DNS changes.

Anybody know of a way to do this? So far it doesn't look like it is possible and we don't want to disable SONAR.

Isn't that essentially the same as disabling SONAR protection for DNS/host changes? We'd rather not disable this protection but rather allow an exception for all versions of our VPN client software. Thanks for the reply.

We are on version 12.1 RU1 MP1. We've done what the article states, but that uses the hash. Our goal was to add an exception that does not include a hash (or see if it's possible) so that we can guard against installing future versions. Thanks for your reply.